A year ago, two security researchers discovered vulnerabilities in a Subaru web portal that allowed them to hijack car controls and track driver location data, according to a Wired report.
Subaru has since fixed the vulnerabilities after the researchers – Sam Curry and Shubham Shah – reported their findings to the Japanese automaker. But the two warn that finding and fixing security flaws in cars with connected technology only puts a bandage on a more pervasive security issue.
The researchers in this case hacked a test car through a web portal for employees, which not only allowed them to do things like remotely start the car, but also to track the location of the vehicle in real-time and see a year’s worth of location data.
“Whether somebody’s cheating on their wife or getting an abortion or part of some political group, there are a million scenarios where you could weaponize this against someone,” Curry told Wired.
As long as employees have access to such data, that information is vulnerable to evolving methods of hacking.
The researchers also noted that this is an industry-wide problem. The same web-based flaws also affect other carmakers like Acura, Genesis, Honda, Hyundai, Infiniti, Kia, and Toyota.
